I have the inherited the following string (I can do nothing about the format):
<iframe \n class=\"some_class\"\n type=\"text/html\" \n src=\"/embed/iframe_content.html?id=tsqA5D7_z10\" \n width=\"960\" \n height=\"593\" \n marginwidth=\"0\" \n marginheight=\"0\" \n frameborder=\"0\">\n</iframe>
I am rendering it in an erb template like this:
<%= the_string %>
At the moment it renders as text like this:
<iframe class="some_class" type="text/html" src="/embed/iframe_content.html?id=tsqA5D7_z10" width="960" height="593" marginwidth="0" marginheight="0" frameborder="0"></iframe>
I need to render it as HTML.
I have tried the following:
<%= the_string.html_safe %> # Renders the string unchanged<%= CGI.unescapeHTML(the_string) %> # Errors with a Type Error 'can't dup NilClass'<%= CGI.unescapeHTML(the_string).html_safe %> # Errors with a Type Error 'can't dup NilClass'<%= raw the_string %> # Renders the string unchanged
How can I render this string as HTML?
As you seem to have noticed, there are two things you need to take care of:
- Unescaping the HTML entities
- Printing the raw html in your view
For number 2 <%= raw ... %> should work fine.
For number 1 CGI.unescapeHTML was the right idea, but I don't think it recognizes all HTML entities so I would recommend taking a look at the HTML Entites gem
You can also try and use the simple_format helper method, but I think you are going to have to pass it some options for it to allow the <iframe> tag
also I would strongly suggest moving your unescaping logic into a helper method.
what you are unescaping must not be a string and thats why you are getting Errors with a Type Error can't dup NilClass
Try doing
s = String.new your_obj.to_s
Now do
CGI.unescapeHTML(s)
In the end I had to use the HTMLEntities Gem suggested by Matthew;
Installed the gem with RVM and added it to my Gemfile
Required it in my application.rb
The following was the only way I could get it to render correctly. Note the extra single quotes wrapped around the_string. Without them the angle brackets don't render, though everything else does.
coder = HTMLEntities.new
raw coder.decode("'"+the_string+"'")
Version 3 sounds valuable. Any reason why you are not using the_string?
<%= raw CGI.unescapeHTML(the_string) %>
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 做个烂人 的文章《Unescaping HTML string》','https://www.manongdao.com/article-433651.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}